1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/sandbox/win/src/service_resolver.h Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,148 @@
1.4 +// Copyright (c) 2012 The Chromium Authors. All rights reserved.
1.5 +// Use of this source code is governed by a BSD-style license that can be
1.6 +// found in the LICENSE file.
1.7 +
1.8 +#ifndef SANDBOX_SRC_SERVICE_RESOLVER_H__
1.9 +#define SANDBOX_SRC_SERVICE_RESOLVER_H__
1.10 +
1.11 +#include "sandbox/win/src/nt_internals.h"
1.12 +#include "sandbox/win/src/resolver.h"
1.13 +
1.14 +namespace sandbox {
1.15 +
1.16 +// This is the concrete resolver used to perform service-call type functions
1.17 +// inside ntdll.dll.
1.18 +class ServiceResolverThunk : public ResolverThunk {
1.19 + public:
1.20 + // The service resolver needs a child process to write to.
1.21 + ServiceResolverThunk(HANDLE process, bool relaxed)
1.22 + : process_(process), ntdll_base_(NULL), win2k_(false),
1.23 + relaxed_(relaxed), relative_jump_(0) {}
1.24 + virtual ~ServiceResolverThunk() {}
1.25 +
1.26 + // Implementation of Resolver::Setup.
1.27 + virtual NTSTATUS Setup(const void* target_module,
1.28 + const void* interceptor_module,
1.29 + const char* target_name,
1.30 + const char* interceptor_name,
1.31 + const void* interceptor_entry_point,
1.32 + void* thunk_storage,
1.33 + size_t storage_bytes,
1.34 + size_t* storage_used);
1.35 +
1.36 + // Implementation of Resolver::ResolveInterceptor.
1.37 + virtual NTSTATUS ResolveInterceptor(const void* module,
1.38 + const char* function_name,
1.39 + const void** address);
1.40 +
1.41 + // Implementation of Resolver::ResolveTarget.
1.42 + virtual NTSTATUS ResolveTarget(const void* module,
1.43 + const char* function_name,
1.44 + void** address);
1.45 +
1.46 + // Implementation of Resolver::GetThunkSize.
1.47 + virtual size_t GetThunkSize() const;
1.48 +
1.49 + protected:
1.50 + // The unit test will use this member to allow local patch on a buffer.
1.51 + HMODULE ntdll_base_;
1.52 +
1.53 + // Handle of the child process.
1.54 + HANDLE process_;
1.55 +
1.56 + protected:
1.57 + // Keeps track of a Windows 2000 resolver.
1.58 + bool win2k_;
1.59 +
1.60 + private:
1.61 + // Returns true if the code pointer by target_ corresponds to the expected
1.62 + // type of function. Saves that code on the first part of the thunk pointed
1.63 + // by local_thunk (should be directly accessible from the parent).
1.64 + virtual bool IsFunctionAService(void* local_thunk) const;
1.65 +
1.66 + // Performs the actual patch of target_.
1.67 + // local_thunk must be already fully initialized, and the first part must
1.68 + // contain the original code. The real type of this buffer is ServiceFullThunk
1.69 + // (yes, private). remote_thunk (real type ServiceFullThunk), must be
1.70 + // allocated on the child, and will contain the thunk data, after this call.
1.71 + // Returns the apropriate status code.
1.72 + virtual NTSTATUS PerformPatch(void* local_thunk, void* remote_thunk);
1.73 +
1.74 + // Provides basically the same functionality as IsFunctionAService but it
1.75 + // continues even if it does not recognize the function code. remote_thunk
1.76 + // is the address of our memory on the child.
1.77 + bool SaveOriginalFunction(void* local_thunk, void* remote_thunk);
1.78 +
1.79 + // true if we are allowed to patch already-patched functions.
1.80 + bool relaxed_;
1.81 + ULONG relative_jump_;
1.82 +
1.83 + DISALLOW_COPY_AND_ASSIGN(ServiceResolverThunk);
1.84 +};
1.85 +
1.86 +// This is the concrete resolver used to perform service-call type functions
1.87 +// inside ntdll.dll on WOW64 (32 bit ntdll on 64 bit Vista).
1.88 +class Wow64ResolverThunk : public ServiceResolverThunk {
1.89 + public:
1.90 + // The service resolver needs a child process to write to.
1.91 + Wow64ResolverThunk(HANDLE process, bool relaxed)
1.92 + : ServiceResolverThunk(process, relaxed) {}
1.93 + virtual ~Wow64ResolverThunk() {}
1.94 +
1.95 + private:
1.96 + virtual bool IsFunctionAService(void* local_thunk) const;
1.97 +
1.98 + DISALLOW_COPY_AND_ASSIGN(Wow64ResolverThunk);
1.99 +};
1.100 +
1.101 +// This is the concrete resolver used to perform service-call type functions
1.102 +// inside ntdll.dll on WOW64 for Windows 8.
1.103 +class Wow64W8ResolverThunk : public ServiceResolverThunk {
1.104 + public:
1.105 + // The service resolver needs a child process to write to.
1.106 + Wow64W8ResolverThunk(HANDLE process, bool relaxed)
1.107 + : ServiceResolverThunk(process, relaxed) {}
1.108 + virtual ~Wow64W8ResolverThunk() {}
1.109 +
1.110 + private:
1.111 + virtual bool IsFunctionAService(void* local_thunk) const;
1.112 +
1.113 + DISALLOW_COPY_AND_ASSIGN(Wow64W8ResolverThunk);
1.114 +};
1.115 +
1.116 +// This is the concrete resolver used to perform service-call type functions
1.117 +// inside ntdll.dll on Windows 2000 and XP pre SP2.
1.118 +class Win2kResolverThunk : public ServiceResolverThunk {
1.119 + public:
1.120 + // The service resolver needs a child process to write to.
1.121 + Win2kResolverThunk(HANDLE process, bool relaxed)
1.122 + : ServiceResolverThunk(process, relaxed) {
1.123 + win2k_ = true;
1.124 + }
1.125 + virtual ~Win2kResolverThunk() {}
1.126 +
1.127 + private:
1.128 + virtual bool IsFunctionAService(void* local_thunk) const;
1.129 +
1.130 + DISALLOW_COPY_AND_ASSIGN(Win2kResolverThunk);
1.131 +};
1.132 +
1.133 +// This is the concrete resolver used to perform service-call type functions
1.134 +// inside ntdll.dll on Windows 8.
1.135 +class Win8ResolverThunk : public ServiceResolverThunk {
1.136 + public:
1.137 + // The service resolver needs a child process to write to.
1.138 + Win8ResolverThunk(HANDLE process, bool relaxed)
1.139 + : ServiceResolverThunk(process, relaxed) {}
1.140 + virtual ~Win8ResolverThunk() {}
1.141 +
1.142 + private:
1.143 + virtual bool IsFunctionAService(void* local_thunk) const;
1.144 +
1.145 + DISALLOW_COPY_AND_ASSIGN(Win8ResolverThunk);
1.146 +};
1.147 +
1.148 +} // namespace sandbox
1.149 +
1.150 +
1.151 +#endif // SANDBOX_SRC_SERVICE_RESOLVER_H__
